apiVersion: v1
kind: Pod
metadata:
  name: lb-envoy
  namespace: kube-system
  labels:
    addonmanager.kubernetes.io/mode: Reconcile
    k8s-app: lb-envoy
  annotations:
    checksum/config: {{ lb_configuration_result.checksum }}
spec:
  hostNetwork: true
  dnsPolicy: ClusterFirstWithHostNet
  nodeSelector:
    beta.kubernetes.io/os: linux
  priorityClassName: system-cluster-critical
  containers:
  - name: lb-envoy
    image: {{ lb_envoy_image }}
    imagePullPolicy: IfNotPresent
{% if lb_kube_apiserver_healthcheck_port is defined %}
    livenessProbe:
      httpGet:
        path: /healthz
        port: {{ lb_kube_apiserver_healthcheck_port }}
    readinessProbe:
      httpGet:
        path: /healthz
        port: {{ lb_kube_apiserver_healthcheck_port }}
{% endif %}
    resources: {}
    securityContext:
      privileged: true
    volumeMounts:
    - mountPath: /etc/envoy
      name: envoy-lb-conf
      readOnly: true
  volumes:
  - name: envoy-lb-conf
    hostPath:
      path: /etc/kubernetes/plugins/lb-config
      type: DirectoryOrCreate